|Package Slug|| |
Missing Authentication for Critical Function
In Apache NiFi, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens.
|Affected Versions|| |
All versions starting from 1.0.0 up to 1.11.4
Upgrade to version 1.12.0 or above.
|Last Modified|| |